{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for wdiff","title":"Title of the patch"},{"category":"description","text":"This update for wdiff fixes the following issues:\n\nThis update ships wdiff.\n\nUpdated to 1.2.2:\n\n  * Updated Vietnamese, Swedish, Estonian, Chinese (traditional),\n    Brazilian Portuguese and Russian translations.\n  * Updated gnulib.\n  * Used more recent autotools: autoconf 2.69 and automake 1.14.1.\n\nupdated to 1.2.1:\n\n  * Added Esperanto translation.\n  * Updated Czech, German, Spanish, Finnish, Galician, Italian, Dutch,\n    Polish, Slovenian, Serbian, Swedish, Ukrainian and Vietnamese\n    translations.\n  * Updated gnulib.\n  * Recreated build system using recent versions of autotools.\n    This will avoid security issues in 'make distcheck' target.\n    (CVE-2012-3386)\n\nupdated to 1.1.2:\n\n  * Backport gnulib change to deal with removal of gets function.\n    This is a build-time-only fix. (Mentioned in Fedora bug #821791)\n  * Added Serbian translation.\n  * Updated Danish and Vietnamese translations.\n  * Work around a bug in the formatting of the man page.\n    (Debian bug #669340)\n  * Updated Czech, German, Spanish, Finnish, Dutch, Polish, Slovenian,\n    Swedish and Ukrainian translations.\n  * Fix several issue with the use of screen in the test suite.\n  * Allow WDIFF_PAGER to override PAGER environment variable.\n  * Do not autodetect less, so we don't auto-enable less-mode.\n    This should improve things for UTF8 text. (Savannah bug #34224)\n    Less-mode is considered deprecated, as it isn't fit for multi-byte\n    encodings. Nevertheless it can still be enabled on the command line.\n  * Introduces use of ngettext to allow correct handling of plural forms\n\nupdated to 1.0.1:\n\n  * Updated Polish, Ukrainian, Slovenian, Dutch, Finnish, Swedish and\n    Czech translations\n  * Changed major version to 1 to reflect maturity of the package\n  * Updated Dutch, French, Danish and Slovenian translations\n  * Added Ukrainian translation\n  * Improved error reporting in case a child process has problems\n  * Added tests to the test suite\n  * Updated gnulib\n\nupdated to 0.6.5:\n\n  * Never initialize or deinitialize terminals, as we do no cursor \n    movement\n  * Deprecated --no-init-term (-K) command line option\n  * Avoid relative path in man pages\n  * Updated gnulib, might be particularly important for uClibc \n    users\n\nupdated to 0.6.4:\n\n  * Updated Catalan translations\n  * Updated gnulib\n\nupdate to 0.6.3:\n\n  * `wdiff -d' to read input from single unified diff, perhaps stdin.\n  * Updated texinfo documentation taking experimental switch into account.\n  * Experimental programs (mdiff & friends) and a configure switch\n    --enable-experimental to control them.\n  * Recent imports from gnulib, use of recent autotools.\n  * Improved autodetection of termcap library like ncurses.\n  * Reformatted translations, still a number of fuzzy translations.\n  * Changed from CVS to bzr for source code version control.\n  * Various bug fixes. See ChangeLog for a more exhaustive list.\n  * Introduce --with-default-pager=PAGER configure switch.\n  * Fix missing newline in info dir entry list.\n  * Fix shell syntax in configure script\n  * Updated gnulib and gettext, the latter to 0.18\n  * Updated Dutch translation\n  * Fixed a number of portability issues reported by maint.mk syntax checks\n  * Updated Italian and Swedish translations\n  * Updated gnulib\n","title":"Description of the patch"},{"category":"details","text":"openSUSE-2022-10031","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_10031-1.json"},{"category":"self","summary":"URL for openSUSE-SU-2022:10031-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RHVSBRLGJ5C5MYYVH2AXVEQBTRVMVFRD/"},{"category":"self","summary":"E-Mail link for openSUSE-SU-2022:10031-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RHVSBRLGJ5C5MYYVH2AXVEQBTRVMVFRD/"},{"category":"self","summary":"SUSE CVE CVE-2012-3386 page","url":"https://www.suse.com/security/cve/CVE-2012-3386/"}],"title":"Security update for wdiff","tracking":{"current_release_date":"2022-06-25T18:01:15Z","generator":{"date":"2022-06-25T18:01:15Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"openSUSE-SU-2022:10031-1","initial_release_date":"2022-06-25T18:01:15Z","revision_history":[{"date":"2022-06-25T18:01:15Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"wdiff-1.2.2-bp154.2.1.aarch64","product":{"name":"wdiff-1.2.2-bp154.2.1.aarch64","product_id":"wdiff-1.2.2-bp154.2.1.aarch64"}}],"category":"architecture","name":"aarch64"},{"branches":[{"category":"product_version","name":"wdiff-1.2.2-bp154.2.1.i586","product":{"name":"wdiff-1.2.2-bp154.2.1.i586","product_id":"wdiff-1.2.2-bp154.2.1.i586"}}],"category":"architecture","name":"i586"},{"branches":[{"category":"product_version","name":"wdiff-lang-1.2.2-bp154.2.1.noarch","product":{"name":"wdiff-lang-1.2.2-bp154.2.1.noarch","product_id":"wdiff-lang-1.2.2-bp154.2.1.noarch"}}],"category":"architecture","name":"noarch"},{"branches":[{"category":"product_version","name":"wdiff-1.2.2-bp154.2.1.ppc64le","product":{"name":"wdiff-1.2.2-bp154.2.1.ppc64le","product_id":"wdiff-1.2.2-bp154.2.1.ppc64le"}}],"category":"architecture","name":"ppc64le"},{"branches":[{"category":"product_version","name":"wdiff-1.2.2-bp154.2.1.s390x","product":{"name":"wdiff-1.2.2-bp154.2.1.s390x","product_id":"wdiff-1.2.2-bp154.2.1.s390x"}}],"category":"architecture","name":"s390x"},{"branches":[{"category":"product_version","name":"wdiff-1.2.2-bp154.2.1.x86_64","product":{"name":"wdiff-1.2.2-bp154.2.1.x86_64","product_id":"wdiff-1.2.2-bp154.2.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Package Hub 15 SP4","product":{"name":"SUSE Package Hub 15 SP4","product_id":"SUSE Package Hub 15 SP4"}},{"category":"product_name","name":"openSUSE Leap 15.4","product":{"name":"openSUSE Leap 15.4","product_id":"openSUSE Leap 15.4","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.4"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"wdiff-1.2.2-bp154.2.1.aarch64 as component of SUSE Package Hub 15 SP4","product_id":"SUSE Package Hub 15 SP4:wdiff-1.2.2-bp154.2.1.aarch64"},"product_reference":"wdiff-1.2.2-bp154.2.1.aarch64","relates_to_product_reference":"SUSE Package Hub 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"wdiff-1.2.2-bp154.2.1.i586 as component of SUSE Package Hub 15 SP4","product_id":"SUSE Package Hub 15 SP4:wdiff-1.2.2-bp154.2.1.i586"},"product_reference":"wdiff-1.2.2-bp154.2.1.i586","relates_to_product_reference":"SUSE Package Hub 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"wdiff-1.2.2-bp154.2.1.ppc64le as component of SUSE Package Hub 15 SP4","product_id":"SUSE Package Hub 15 SP4:wdiff-1.2.2-bp154.2.1.ppc64le"},"product_reference":"wdiff-1.2.2-bp154.2.1.ppc64le","relates_to_product_reference":"SUSE Package Hub 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"wdiff-1.2.2-bp154.2.1.s390x as component of SUSE Package Hub 15 SP4","product_id":"SUSE Package Hub 15 SP4:wdiff-1.2.2-bp154.2.1.s390x"},"product_reference":"wdiff-1.2.2-bp154.2.1.s390x","relates_to_product_reference":"SUSE Package Hub 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"wdiff-1.2.2-bp154.2.1.x86_64 as component of SUSE Package Hub 15 SP4","product_id":"SUSE Package Hub 15 SP4:wdiff-1.2.2-bp154.2.1.x86_64"},"product_reference":"wdiff-1.2.2-bp154.2.1.x86_64","relates_to_product_reference":"SUSE Package Hub 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"wdiff-lang-1.2.2-bp154.2.1.noarch as component of SUSE Package Hub 15 SP4","product_id":"SUSE Package Hub 15 SP4:wdiff-lang-1.2.2-bp154.2.1.noarch"},"product_reference":"wdiff-lang-1.2.2-bp154.2.1.noarch","relates_to_product_reference":"SUSE Package Hub 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"wdiff-1.2.2-bp154.2.1.aarch64 as component of openSUSE Leap 15.4","product_id":"openSUSE Leap 15.4:wdiff-1.2.2-bp154.2.1.aarch64"},"product_reference":"wdiff-1.2.2-bp154.2.1.aarch64","relates_to_product_reference":"openSUSE Leap 15.4"},{"category":"default_component_of","full_product_name":{"name":"wdiff-1.2.2-bp154.2.1.i586 as component of openSUSE Leap 15.4","product_id":"openSUSE Leap 15.4:wdiff-1.2.2-bp154.2.1.i586"},"product_reference":"wdiff-1.2.2-bp154.2.1.i586","relates_to_product_reference":"openSUSE Leap 15.4"},{"category":"default_component_of","full_product_name":{"name":"wdiff-1.2.2-bp154.2.1.ppc64le as component of openSUSE Leap 15.4","product_id":"openSUSE Leap 15.4:wdiff-1.2.2-bp154.2.1.ppc64le"},"product_reference":"wdiff-1.2.2-bp154.2.1.ppc64le","relates_to_product_reference":"openSUSE Leap 15.4"},{"category":"default_component_of","full_product_name":{"name":"wdiff-1.2.2-bp154.2.1.s390x as component of openSUSE Leap 15.4","product_id":"openSUSE Leap 15.4:wdiff-1.2.2-bp154.2.1.s390x"},"product_reference":"wdiff-1.2.2-bp154.2.1.s390x","relates_to_product_reference":"openSUSE Leap 15.4"},{"category":"default_component_of","full_product_name":{"name":"wdiff-1.2.2-bp154.2.1.x86_64 as component of openSUSE Leap 15.4","product_id":"openSUSE Leap 15.4:wdiff-1.2.2-bp154.2.1.x86_64"},"product_reference":"wdiff-1.2.2-bp154.2.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.4"},{"category":"default_component_of","full_product_name":{"name":"wdiff-lang-1.2.2-bp154.2.1.noarch as component of openSUSE Leap 15.4","product_id":"openSUSE Leap 15.4:wdiff-lang-1.2.2-bp154.2.1.noarch"},"product_reference":"wdiff-lang-1.2.2-bp154.2.1.noarch","relates_to_product_reference":"openSUSE Leap 15.4"}]},"vulnerabilities":[{"cve":"CVE-2012-3386","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2012-3386"}],"notes":[{"category":"general","text":"The \"make distcheck\" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 15 SP4:wdiff-1.2.2-bp154.2.1.aarch64","SUSE Package Hub 15 SP4:wdiff-1.2.2-bp154.2.1.i586","SUSE Package Hub 15 SP4:wdiff-1.2.2-bp154.2.1.ppc64le","SUSE Package Hub 15 SP4:wdiff-1.2.2-bp154.2.1.s390x","SUSE Package Hub 15 SP4:wdiff-1.2.2-bp154.2.1.x86_64","SUSE Package Hub 15 SP4:wdiff-lang-1.2.2-bp154.2.1.noarch","openSUSE Leap 15.4:wdiff-1.2.2-bp154.2.1.aarch64","openSUSE Leap 15.4:wdiff-1.2.2-bp154.2.1.i586","openSUSE Leap 15.4:wdiff-1.2.2-bp154.2.1.ppc64le","openSUSE Leap 15.4:wdiff-1.2.2-bp154.2.1.s390x","openSUSE Leap 15.4:wdiff-1.2.2-bp154.2.1.x86_64","openSUSE Leap 15.4:wdiff-lang-1.2.2-bp154.2.1.noarch"]},"references":[{"category":"external","summary":"CVE-2012-3386","url":"https://www.suse.com/security/cve/CVE-2012-3386"},{"category":"external","summary":"SUSE Bug 770618 for CVE-2012-3386","url":"https://bugzilla.suse.com/770618"},{"category":"external","summary":"SUSE Bug 786745 for CVE-2012-3386","url":"https://bugzilla.suse.com/786745"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 15 SP4:wdiff-1.2.2-bp154.2.1.aarch64","SUSE Package Hub 15 SP4:wdiff-1.2.2-bp154.2.1.i586","SUSE Package Hub 15 SP4:wdiff-1.2.2-bp154.2.1.ppc64le","SUSE Package Hub 15 SP4:wdiff-1.2.2-bp154.2.1.s390x","SUSE Package Hub 15 SP4:wdiff-1.2.2-bp154.2.1.x86_64","SUSE Package Hub 15 SP4:wdiff-lang-1.2.2-bp154.2.1.noarch","openSUSE Leap 15.4:wdiff-1.2.2-bp154.2.1.aarch64","openSUSE Leap 15.4:wdiff-1.2.2-bp154.2.1.i586","openSUSE Leap 15.4:wdiff-1.2.2-bp154.2.1.ppc64le","openSUSE Leap 15.4:wdiff-1.2.2-bp154.2.1.s390x","openSUSE Leap 15.4:wdiff-1.2.2-bp154.2.1.x86_64","openSUSE Leap 15.4:wdiff-lang-1.2.2-bp154.2.1.noarch"]}],"threats":[{"category":"impact","date":"2022-06-25T18:01:15Z","details":"moderate"}],"title":"CVE-2012-3386"}]}